At times we discover malware that has a completely different face than the common threats that we diligently warn computer users of their dangers. This time, we notify the public of BlackMoon, a banking Trojan horse that has so far stole over 100,000 South Korean banking account credentials. BlackMoon has been found on a number of computer servers and formed a botnet, which is a group of compromised and infected computers, to carry out malicious actions to steal online banking information.
BlackMoon has been identified as the technical name of W32/Banbra, as stated by the researchers at Fortinet. The functions of BlackMoon are to connect to a command and control server where it downloads instructions to carry out malicious activities over the Internet. Among those activities, BlackMoon is able to use auto-config files (PAC) to hijack Internet traffic data transmitted where it may obtain banking credentials, which could include login usernames and passwords. So far, the actions of BlackMoon are ramping up and could spread into other regions of the world outside of South Korea.
BlackMoon is known to come from an executable file but its initial delivery is currently unknown. We suspect BlackMoon may be spread through the same methods as much older banking Trojans where they loaded from downloads obtained on malicious websites, which can be from pop-up prompts that falsely claim that your computer has software that needs to be updated. In such a case we draw contrast to the common scams of fake Flash Player update pop-ups initiating the download of malware when gullible computer users click on the so-called update link.
Preventing infection of BlackMoon may be a task that is left to using and keeping updated antimalware software running on your system. In doing so, such software may be able to detect and prevent infection from BlackMoon, which may be identified as the W32/Banbra Trojan horse. Additionally, it is important to avoid clicking on questionable popups or downloading questionable files from websites that appear to be mischievous.